158 matches found

NVD
added 6 days ago, 6 views

CVE-2026-10070

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

CVSS 5.8, EPSS 0.00035
Exploits 0, References 5

Vulnrichment
added 6 days ago, 5 views

CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

CVSS 5.8, AI score 5.5, EPSS 0.00035
Exploits 0, References 5

Positive Technologies
added 6 days ago, 3 views

PT-2026-44921

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

CVSS 5.8, AI score 5.5, EPSS 0.00035
Exploits 0, References 6

CNNVD
added 2026/04/21 12:0 a.m., 3 views

goshs access control error vulnerability

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained an access control vulnerability. This vulnerability occurred when using the basic authentication syntax with an empty username recorded in the documentation, without...

CVSS 9.8, AI score 5.8, EPSS 0.00098
Exploits 1, References 1

NVD
added 2026/04/17 3:16 p.m., 1 view

CVE-2026-6493

A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx of the component Reset Password Handler. Executing a manipulation of the argument redirectTo can lead to cross site...

CVSS 5.1, EPSS 0.00013
Exploits 0, References 7

Positive Technologies
added 2026/04/17 12:0 a.m., 1 view

PT-2026-33458

Name of the Vulnerable Software and Affected Versions lukevella rallly versions prior to 4.8.0 Description A flaw in the Reset Password Handler component within the file 'apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx' allows for remote cross site scripting. This...

CVSS 5.1, AI score 4.6, EPSS 0.00013
Exploits 0, References 10

OSV
added 2026/04/14 10:28 p.m., 2 views

GHSA-C29W-QQ4M-2GCV goshs has an empty-username SFTP password authentication bypass

Summary goshs contains an SFTP authentication bypass when the documented empty-username basic-auth syntax is used. If the server is started with -b ':pass' together with -sftp, goshs accepts that configuration but does not install any SFTP password handler. As a result, an unauthenticated network...

CVSS 9.8, AI score 5.8, EPSS 0.00098
Exploits 1, References 3

Positive Technologies
added 2026/04/14 12:0 a.m., 2 views

PT-2026-33233

Name of the Vulnerable Software and Affected Versions goshs version v2.0.0-beta.5 Description An authentication bypass exists in the SFTP service when the server is configured using the basic authentication syntax with an empty username, such as using the -b variable with the format ':pass'. In...

CVSS 9.8, AI score 5.8, EPSS 0.00098
Exploits 1, References 6

RedhatCVE
added 2026/01/07 9:55 a.m., 4 views

CVE-2025-1081

A vulnerability was found in Bharti Airtel Xstream Fiber up to 20250123. It has been rated as problematic. This issue affects some unknown processing of the component WiFi Password Handler. The manipulation leads to use of weak credentials. The attack needs to be done within the local network. Th...

CVSS 3.1, AI score 6.4, EPSS 0.00142
Exploits 0, References 1

RedhatCVE
added 2026/01/07 9:54 a.m., 3 views

CVE-2025-1369

A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Affected by this vulnerability is an unknown functionality of the component USB Password Handler. The manipulation leads to os command injection. The attack needs to be approached locally. The complexit...

CVSS 4.5, AI score 7.1, EPSS 0.00098
Exploits 1, References 1

RedhatCVE
added 2026/01/07 9:19 a.m., 2 views

CVE-2025-1629

A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vend...

CVSS 5.1, AI score 4.1, EPSS 0.00129
Exploits 0, References 1

OSV
added 2025/12/18 8:15 p.m., 0 views

CVE-2025-14889

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

CVSS 6.3, AI score 5.5, EPSS 0.00047
Exploits 1, References 5

NVD
added 2025/12/18 8:15 p.m., 1 view

CVE-2025-14889

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

CVSS 6.3, EPSS 0.00047
Exploits 1, References 5

Vulnrichment
added 2025/12/18 8:2 p.m., 1 view

CVE-2025-14889 Campcodes Advanced Voting Management System Password voters_edit.php improper authorization

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

CVSS 5.5, AI score 5.4, EPSS 0.00047
Exploits 1, References 5

ATTACKERKB
added 2025/12/18 8:2 p.m., 2 views

CVE-2025-14889

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

CVSS 6.3, AI score 5.2, EPSS 0.00047
Exploits 1, References 5, Affected Software 1

CVE
added 2025/12/18 8:2 p.m., 5 views

CVE-2025-14889

Campcodes Advanced Voting Management System 1.0 is affected. The vulnerability lies in the Password Handler’s unknown function within /admin/voters_edit.php where manipulating the ID parameter causes improper authorization. The issue is remotely exploitable and the exploit has been publicly relea...

CVSS 6.3, AI score 5.4, EPSS 0.00047
Exploits 1, References 5, Affected Software 1

Cvelist
added 2025/12/18 8:2 p.m., 19 views

CVE-2025-14889 Campcodes Advanced Voting Management System Password voters_edit.php improper authorization

A security flaw has been discovered in Campcodes Advanced Voting Management System 1.0. The impacted element is an unknown function of the file /admin/voters_edit.php of the component Password Handler. Performing a manipulation of the argument ID results in improper authorization. The attack is...

CVSS 5.5, EPSS 0.00047
Exploits 1, References 5

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52331

Name of the Vulnerable Software and Affected Versions Campcodes Advanced Voting Management System version 1.0 Description A security flaw exists in Campcodes Advanced Voting Management System. The issue is related to improper authorization resulting from manipulation of the ID argument within an...

CVSS 6.3, AI score 5.2, EPSS 0.00047
Exploits 1, References 8

RedhatCVE
added 2025/12/12 3:13 a.m., 1 view

CVE-2025-14485

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

CVSS 5, AI score 6.3, EPSS 0.0049
Exploits 0, References 1

NVD
added 2025/12/11 3:15 a.m., 2 views

CVE-2025-14485

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

CVSS 5, EPSS 0.0049
Exploits 0, References 5